London, UK-based email archiving and security firm Mimecast has acquired Bethesda, Md-based security training company Ataata. Financial terms of the acquisition have not been disclosed
Mimecast, founded by CEO Peter Bauer and CTO Neil Murray in 2003, offers a SaaS-based email platform providing email security and management. Ataata was founded in 2016 by CEO Michael Madon. It offers a continuous training platform that analyzes results and predicts which staff may be security risks.
Research by Mimecast and Vanson Bourne in May 2018 highlighted the extent to which humans are the targeted weakness in cybersecurity. From a pool of 800 IT decision makers and C-level executives, 94% had witnessed untargeted phishing attacks, 92% had witnessed spear-phishing attacks, 87% had witnessed financially-based email impersonation attacks (BEC), and 40% had seen an increase in trusted third-party impersonation attacks.
Despite this, only 11% of the respondents claimed to use continuous staff training to help employees detect and respond to such email attacks. “Cybersecurity awareness training has traditionally been viewed as a check the box action for compliance purposes, boring videos with PhDs rambling about security or even less than effective gamification which just doesn’t work,” commented Bauer.
“As cyberattacks continue to find new ways to bypass traditional threat detection methods, it’s essential to educate your employees in a way that changes behavior,” he continued. “According to a report from Gartner, the security awareness computer-based training market will grow to more than $1.1 billion by year-end 2020. The powerful combination of Mimecast’s cyber resilience for email capabilities paired with Ataata’s employee training and risk scoring will help customers enhance their cyber resilience efforts.”
Ataata brings humor to staff training. “Every module is drafted by professional television comedy writers who understand the reality of security in the enterprise,” it explains. “Yes, such people exist. We hired ’em. So our content is funny, deeply knowing about the contemporary workplace and driven by characters your employees will recognize all too well.” Ataata was founded on the principle that training should not be a compliance tool imposed by management, but a commitment enjoyed by staff.
Human error is involved in the majority of all security breaches, and casual mistakes can cost organizations money, their reputation — and employees, potentially their job. “Organizations need to understand that employees are their last line of defense,” says Madon. “Cybersecurity training and awareness doesn’t need to be difficult or boring. Training and awareness is needed to help mitigate these internal risks. Our customers rely on engaging content at the human level, which helps to change behavior at the employee-level. We’re excited to join forces with Mimecast to help customers build a stronger cyber resilience strategy that includes robust content, risk scoring and real-world attack simulation — going way beyond basic security awareness capabilities.”
Mimecast told SecurityWeek that teams from both firms will be working to integrate the products “to create the most advanced, sophisticated and effective cyber awareness training product on the market.” Over time, the two platforms will become more tightly integrated, but, says Mimecast, “the offering is immediately relevant and valuable to all of Mimecast’s target audiences.”
Ataata has not operated from a central office. Existing staff will be maintained as employees of Mimecast, and remain based where they currently live — with the exception of Madon. Madon, Mimecast told SecurityWeek, will relocate to Boston, where he “will now be leading up the newly established Mimecast Learning Labs, a training and certification program for Mimecast customers looking to achieve role-based excellence around security best practices.”
Mimecast went public in late 2015 at $10 per share, raising $78 million in gross proceeds. After the IPO, share value fell as low as $6.20 in January 2016. Since July 2016, however, share price has risen steadily to $42.99 at the time of writing. Ataata raised $3 million in a Series A funding round in December 2017.
Related: Security Awareness Training Top Priority for CISOs
Related: Why Phishing Works And How To Avoid Becoming a Victim

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
More from Kevin Townsend
- Venafi Leverages Generative AI to Manage Machine Identities
- Hacker Conversations: Casey Ellis, Hacker and Ringmaster at Bugcrowd
- OT/IoT and OpenTitan, an Open Source Silicon Root of Trust
- CISOs and Board Reporting – an Ongoing Problem
- Vector Embeddings – Antidote to Psychotic LLMs and a Cure for Alert Fatigue?
- The Team8 Foundry Method for Selecting Investable Startups
- Hacker Conversations: Alex Ionescu
- The Reality of Cyberinsurance in 2023
Latest News
- China’s Offensive Cyber Operations in Africa Support Soft Power Efforts
- Air Canada Says Employee Information Accessed in Cyberattack
- BIND Updates Patch Two High-Severity DoS Vulnerabilities
- Faster Patching Pace Validates CISA’s KEV Catalog Initiative
- SANS Survey Shows Drop in 2023 ICS/OT Security Budgets
- Apple Patches 3 Zero-Days Likely Exploited by Spyware Vendor to Hack iPhones
- New ‘Sandman’ APT Group Hitting Telcos With Rare LuaJIT Malware
- Every Network Is Now an OT Network. Can Your Security Keep Up?
